Latest Cyber Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known …
CISA Warns of Active Exploitation in GitHub Action Supply Chain CompromiseRead More
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and …
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code EditorsRead More
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially …
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017Read More
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud …
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud SecurityRead More
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out …
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and BrickingRead More
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct …
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive AdsRead More
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four …
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union …
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage OperationRead More
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected …
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy AbuseRead More
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an …
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto WalletsRead More
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public …
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public DisclosureRead More
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in …
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last YearRead More
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new …
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ ActionsRead More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups …
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and MoreRead More
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently …
SANS Institute Warns of Novel Cloud-Native Ransomware AttacksRead More
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous …
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 RepositoriesRead More
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring …
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before RemovalRead More
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally …
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime ChargesRead More
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security …
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform MessagingRead More
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security …
Live Ransomware Demo: See How Hackers Breach Networks and Demand a RansomRead More
